War Walking: by Nirav Goti
Who am I?
I am InfoSec guy...
Who is into Web, Thick client, Thin
client, IoT, wireless and Forensics.
Agenda
● Wireless communication
● Different types and bands of 802.11
● Wireless pentesting
● Wireless States
● 802.11 Terminologies
● War Walking
● Requirements
● Kismet
● Demo
Wireless Communication (802.11)
● Who defines the bands and bandwidths?
○ ITU Radio Regulations.
● Modulations (ISM and UNII)
○ ISM - Industrial, scientific and medical:
■ Radio bands reserved internationally for the use of radio frequency energy for industrial, scientific and medical purposes other than telecommunications.
○ UNII - Unlicensed National Information Infrastructure:
■ Radio bands that are part of the radio frequency spectrum used by IEEE 802.11a devices and by many wireless ISPs.
Modulations (ISM and UNII)
ISM - Industrial, scientific and medical
● The entire spectrum is only 100 MHz wide. This means the 11 channels have to squeeze into the 100 MHz available and, in the end, overlap.
● If you are going to use 40 MHz channels, take into consideration that the airwaves may be congested, unless you live in a house in the middle of a very large property.
There are four standards, a, b, g and n, in 802.11 over 2.5 GHz (ISM band).
There are three standards, ac, ad and af, in 802.11 over 5 GHz (UNII band).
802.11 Standards and Bands
ISM - Industrial, scientific and medical
802.11 Standards and Bands
UNII - Unlicensed National Information Infrastructure
Channels
A Wi-Fi channel is the medium through which our wireless networks send and receive data.
Having a security protocol over the wireless link is a must, because of the sensitive information that is conveyed through emails, banking applications, payment gateways, etc.
These wireless security protocols include WEP, WPA, WPA2 and WPA3, each with their own strengths and weaknesses.
802.11 Cryptography
Wireless Pentesting
Scanning
Gaining Access
Wireless Pentesting
● Bypassing WLAN Authentication – Shared Key, MAC Filtering, Hidden SSIDs
● Cracking WLAN Encryption – WEP, WPA/WPA2 Personal and Enterprise, understanding encryption-based flaws (WEP, TKIP, CCMP)
● Attacking the WLAN Infrastructure – Rogue Devices, Evil Twins, DoS Attacks, MITM, Wi-Fi Protected Setup
● Advanced Enterprise Attacks – 802.1X, EAP, LEAP, PEAP, EAP-TTLS
● Attacking the Wireless Client – Honeypots and Hotspot attacks, Caffe Latte, Hirte, Ad-Hoc Networks and Viral SSIDs, WiFishing
● Enterprise Wi-Fi Worms, Backdoors and Botnets
Wireless states
Access Point (AP): continuously broadcasts beacon frames that announce the network (SSID, channel, supported rates and security capabilities), so a passive listener can record them without transmitting anything.
This process helps you collect all the necessary details to raise a war against the infrastructure via wireless telecommunication devices.
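Added example (not from the slides, and not Kismet's code): a Python parser for the beacon frames an AP broadcasts, showing what a passive scanner records per network, and, for the Channels slide above, how the WEP/WPA/WPA2/WPA3 label is derived from the Privacy bit, the RSN element and the legacy WPA vendor element. Element IDs and suite selector numbers are those of IEEE 802.11; the function names are mine, and the sample frames are constructed in-line with build_beacon(), not captured.

```python
"""Passive beacon parsing, the way a war-walking tool builds its network list.
Added example; SAMPLE_FRAMES are constructed below, not real captures."""
import struct

IE_SSID, IE_DS_PARAM, IE_RSN, IE_VENDOR = 0, 3, 48, 221   # 802.11 element IDs
CAP_PRIVACY = 0x0010                      # capability bit 4: some encryption in use
RSN_OUI = b"\x00\x0f\xac"                 # suite selector OUI used in the RSN IE
WPA_OUI_TYPE = b"\x00\x50\xf2\x01"        # vendor IE prefix that marks legacy WPA (v1)
CIPHER_NAMES = {1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104", 8: "GCMP"}
AKM_NAMES = {1: "802.1X", 2: "PSK", 5: "802.1X-SHA256", 6: "PSK-SHA256", 8: "SAE"}


def parse_ies(body):
    """Walk the id/len/value elements after the fixed fields; stop on truncation."""
    ies, i = [], 0
    while i + 2 <= len(body):
        eid, length = body[i], body[i + 1]
        value = body[i + 2:i + 2 + length]
        if len(value) < length:            # element claims more bytes than are present
            break
        ies.append((eid, value))
        i += 2 + length
    return ies


def parse_rsn(value):
    """Decode an RSN (WPA2/WPA3) element: group cipher, pairwise ciphers, AKMs."""
    version, = struct.unpack_from("<H", value, 0)
    group = CIPHER_NAMES.get(value[5]) if value[2:5] == RSN_OUI else None
    off = 6
    n_pair, = struct.unpack_from("<H", value, off)
    off += 2
    pairwise = [CIPHER_NAMES.get(value[off + 4 * k + 3]) for k in range(n_pair)]
    off += 4 * n_pair
    n_akm, = struct.unpack_from("<H", value, off)
    off += 2
    akm = [AKM_NAMES.get(value[off + 4 * k + 3], "unknown") for k in range(n_akm)]
    return {"version": version, "group": group, "pairwise": pairwise, "akm": akm}


def classify(info):
    """Map the advertised capabilities to the security family a scanner reports."""
    rsn = info["rsn"]
    if rsn:
        if "SAE" in rsn["akm"]:
            return "WPA3-SAE"
        if any(a.startswith("802.1X") for a in rsn["akm"]):
            return "WPA2-Enterprise"
        return "WPA2-PSK"
    if info["wpa1"]:
        return "WPA"
    return "WEP" if info["privacy"] else "OPEN"


def parse_beacon(frame):
    """Parse one raw beacon frame (no radiotap header) into scanner fields."""
    if len(frame) < 36 or frame[0] != 0x80:   # frame control: type 0, subtype 8
        raise ValueError("not a beacon frame")
    bssid = ":".join(f"{b:02x}" for b in frame[16:22])        # Address 3 = BSSID
    interval, cap = struct.unpack_from("<HH", frame, 32)       # after the 8-byte timestamp
    info = {"bssid": bssid, "interval_tu": interval, "privacy": bool(cap & CAP_PRIVACY),
            "ssid": None, "channel": None, "rsn": None, "wpa1": False}
    for eid, val in parse_ies(frame[36:]):
        if eid == IE_SSID:
            info["ssid"] = val.decode("utf-8", "replace")       # "" means hidden SSID
        elif eid == IE_DS_PARAM and val:
            info["channel"] = val[0]
        elif eid == IE_RSN:
            try:
                info["rsn"] = parse_rsn(val)
            except (struct.error, IndexError):
                info["rsn"] = None                              # malformed RSN element
        elif eid == IE_VENDOR and val[:4] == WPA_OUI_TYPE:
            info["wpa1"] = True
    info["security"] = classify(info)
    return info


def build_beacon(bssid, ssid, channel, privacy, rsn_akm=None, wpa1=False):
    """Construct a minimal beacon for the sample set (test input, not a real capture)."""
    header = b"\x80\x00\x00\x00" + b"\xff" * 6 + bssid + bssid + b"\x00\x00"
    fixed = struct.pack("<QHH", 0, 100, CAP_PRIVACY if privacy else 0)
    ies = bytes([IE_SSID, len(ssid)]) + ssid + bytes([IE_DS_PARAM, 1, channel])
    if rsn_akm:
        rsn = struct.pack("<H", 1) + RSN_OUI + b"\x04"               # group cipher: CCMP
        rsn += struct.pack("<H", 1) + RSN_OUI + b"\x04"              # one pairwise: CCMP
        rsn += struct.pack("<H", len(rsn_akm))
        rsn += b"".join(RSN_OUI + bytes([a]) for a in rsn_akm) + b"\x00\x00"
        ies += bytes([IE_RSN, len(rsn)]) + rsn
    if wpa1:   # just the OUI/type prefix: enough for classification in this example
        ies += bytes([IE_VENDOR, len(WPA_OUI_TYPE)]) + WPA_OUI_TYPE
    return header + fixed + ies


SAMPLE_FRAMES = [   # constructed sample APs
    build_beacon(b"\x02\x00\x00\x00\x00\x01", b"ConstructedLab", 6, True, rsn_akm=[2]),
    build_beacon(b"\x02\x00\x00\x00\x00\x02", b"", 11, False),            # open, hidden SSID
    build_beacon(b"\x02\x00\x00\x00\x00\x03", b"LegacyNet", 1, True),     # WEP
    build_beacon(b"\x02\x00\x00\x00\x00\x04", b"CorpWiFi", 36, True, rsn_akm=[1]),
    build_beacon(b"\x02\x00\x00\x00\x00\x05", b"NewNet", 44, True, rsn_akm=[8]),
    build_beacon(b"\x02\x00\x00\x00\x00\x06", b"OldWpa", 3, True, wpa1=True),
]


def survey(frames):
    """Decode a list of beacon frames into the rows a scanner would display."""
    return [parse_beacon(f) for f in frames]


if __name__ == "__main__":
    for ap in survey(SAMPLE_FRAMES):
        print(f"{ap['bssid']}  ch {ap['channel']:>3}  {ap['security']:<16} {ap['ssid'] or '<hidden>'}")
```

The hidden-SSID case is why a survey keys on the BSSID rather than the name: the beacon still carries channel and security details, only the SSID element is empty. Frames from a real card arrive with a radiotap header in front of the 802.11 header, which has to be stripped (its length is in bytes 2-3 of the radiotap header) before calling parse_beacon().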
War Walking
What is war driving?
Requirements
ALFA card (wireless adaptor)
Uninstall the distribution's default Kismet package.
Kismet
Because the default Kismet package does not cover all the bases, build the current version from source.
Kismet
● git clone https://www.kismetwireless.net/git/kismet.git
● sudo apt-get install build-essential git libmicrohttpd-dev zlib1g-dev libnl-3-dev libnl-genl-3-dev libcap-dev libpcap-dev libncurses5-dev libnm-dev libdw-dev libsqlite3-dev protobuf-c-compiler libprotobuf-c-dev libusb-1.0-0 libusb-1.0-0-dev protobuf-compiler
● cd kismet
● ./configure
● make
● sudo make suidinstall (installs the capture helpers setuid root, usable only by the kismet group, so Kismet itself does not run as root)
● sudo usermod -a -G kismet <YourUsername> (log out and back in for the new group membership to take effect)
Kismet
● https://github.com/binkybear/kismet_web_viewer
○ pip install -r requirements.txt
○ python app.py
● https://tools.kali.org/wireless-attacks/giskismet
○ giskismet -x Kismet-<blah-blah>.netxml (import the netxml log into giskismet's database)
○ giskismet -q "SELECT * FROM wireless" -o all.kml (query the imported networks and write them out as KML for Google Earth)
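Added example (not giskismet's code): the netxml-to-KML step above done in Python with the standard library, so the survey can be mapped and open networks flagged without giskismet. The netxml sample is constructed; its tag names (detection-run, wireless-network, SSID/essid/encryption, BSSID, channel, gps-info with peak-lat/peak-lon) follow the legacy netxml layout as I assume it, so check them against one of your own Kismet logs before relying on them.

```python
"""netxml -> KML conversion, the job giskismet does with -x and -o.
Added example; SAMPLE_NETXML is constructed and its tag names are assumed."""
import xml.etree.ElementTree as ET

SAMPLE_NETXML = """<?xml version="1.0"?>
<detection-run kismet-version="constructed" start-time="Sat Jan  1 00:00:00 2022">
<wireless-network number="1" type="infrastructure">
  <SSID><type>Beacon</type><encryption>WPA+PSK</encryption><encryption>WPA+AES-CCM</encryption>
    <essid cloaked="false">ConstructedLab</essid></SSID>
  <BSSID>02:00:00:00:00:01</BSSID><channel>6</channel>
  <gps-info><peak-lat>51.500100</peak-lat><peak-lon>-0.120100</peak-lon></gps-info>
</wireless-network>
<wireless-network number="2" type="infrastructure">
  <SSID><type>Beacon</type><encryption>None</encryption><essid cloaked="true"></essid></SSID>
  <BSSID>02:00:00:00:00:02</BSSID><channel>11</channel>
  <gps-info><peak-lat>51.500900</peak-lat><peak-lon>-0.120900</peak-lon></gps-info>
</wireless-network>
<wireless-network number="3" type="probe">
  <SSID><type>Probe Request</type><encryption>None</encryption><essid cloaked="false">Somewhere</essid></SSID>
  <BSSID>02:00:00:00:00:03</BSSID><channel>0</channel>
</wireless-network>
</detection-run>
"""


def load_networks(netxml_text):
    """Return the mappable access points: infrastructure entries that have a GPS fix."""
    nets = []
    for wn in ET.fromstring(netxml_text).iter("wireless-network"):
        if wn.get("type") != "infrastructure":          # probe/client records are not APs
            continue
        gps = wn.find("gps-info")
        if gps is None or gps.findtext("peak-lat") is None:   # never got a fix: cannot place it
            continue
        ssid = wn.find("SSID")
        essid = ssid.find("essid") if ssid is not None else None
        nets.append({
            "bssid": wn.findtext("BSSID", ""),
            "essid": (essid.text or "") if essid is not None else "",
            "cloaked": essid is not None and essid.get("cloaked") == "true",
            "channel": int(wn.findtext("channel", "0")),
            "encryption": [e.text or "" for e in ssid.findall("encryption")] if ssid is not None else [],
            "lat": float(gps.findtext("peak-lat")),
            "lon": float(gps.findtext("peak-lon")),
        })
    return nets


def is_open(net):
    """True when the AP advertised no encryption at all (the first thing a survey flags)."""
    return bool(net["encryption"]) and all(e.strip().lower() == "none" for e in net["encryption"])


def to_kml(nets):
    """Emit a KML document with one placemark per AP (KML wants longitude before latitude)."""
    kml = ET.Element("kml", xmlns="http://www.opengis.net/kml/2.2")
    doc = ET.SubElement(kml, "Document")
    for net in nets:
        pm = ET.SubElement(doc, "Placemark")
        ET.SubElement(pm, "name").text = net["essid"] or f"(cloaked) {net['bssid']}"
        ET.SubElement(pm, "description").text = (
            f"BSSID {net['bssid']}, channel {net['channel']}, "
            f"encryption {'/'.join(net['encryption']) or 'unknown'}"
            + (", OPEN NETWORK" if is_open(net) else ""))
        point = ET.SubElement(pm, "Point")
        ET.SubElement(point, "coordinates").text = f"{net['lon']:.6f},{net['lat']:.6f},0"
    return ET.tostring(kml, encoding="unicode")


if __name__ == "__main__":
    networks = load_networks(SAMPLE_NETXML)
    print(f"{len(networks)} mappable APs, {sum(is_open(n) for n in networks)} open")
    print(to_kml(networks))
```

Probe-request entries and APs without a GPS fix are dropped on purpose: the former have no location that belongs to an access point, and the latter would be plotted at 0,0. Filtering in load_networks() is the equivalent of narrowing the SQL query passed to giskismet -q.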
Thank you!
Any Questions?